📅 Original date posted:2013-05-14 📝 Original message:On Tue, May 14, 2013 at ...

Peter Todd [ARCHIVE] /

npub1m23…2np2

2023-06-07 15:01:58

in reply to nevent1q…xnw5

📅 Original date posted:2013-05-14
📝 Original message:On Tue, May 14, 2013 at 09:16:28PM +0200, Melvin Carvalho wrote:
> > FWIW I take this stuff pretty seriously myself. I generated my key
> > securely in the first place, I use a hardware smartcard to store my PGP
> > key, and I keep the master signing key - the key with the ability to
> > sign other keys - separate from my day-to-day signing subkeys. I also
> > PGP sign emails regularly, which means anyone can get a decent idea of
> > if they have the right key by looking at bitcoin-development mailing
> > list archives and checking the signatures. A truly dedicated attacker
> > could probably sign something without my knowledge, but I've certainly
> > raised the bar.
> >
>
> Just out of curiosity, could PGP keyservers suffer from a similar 51%
> attack as the bitcoin network?

What guarantees do you think a keyserver provides about the keys it
returns?

--
'peter'[:-1]@petertodd.org
0000000000000142ad32a203b1627bee8126fa4bcd940b0da3f32bf1b5b07a24
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130514/cc1a2aca/attachment.sig>;

Author Public Key

npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2

Show more details

Published at

2023-06-07 15:01:58

Kind type

1 Short Text Note

Event JSON

{ "id": "308e6eebe50bfa32908d199b43f8b87b285dcd234fb35da9a0261ee7e3441b15", "pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa", "created_at": 1686150118, "kind": 1, "tags": [ [ "e", "d4362c2579a3b89d4d5eaa7b140b6f66760c6321f0a54e42c9458589e6b73817", "", "root" ], [ "e", "e147f68fb79061779bd640fd5d17375156cf6ad157edb0172f8c2243392044ee", "", "reply" ], [ "p", "e316966328c4cb66c34719ef9a7b3bc54ef601663ad4ab06185991237735aa19" ] ], "content": "📅 Original date posted:2013-05-14\n📝 Original message:On Tue, May 14, 2013 at 09:16:28PM +0200, Melvin Carvalho wrote:\n\u003e \u003e FWIW I take this stuff pretty seriously myself. I generated my key\n\u003e \u003e securely in the first place, I use a hardware smartcard to store my PGP\n\u003e \u003e key, and I keep the master signing key - the key with the ability to\n\u003e \u003e sign other keys - separate from my day-to-day signing subkeys. I also\n\u003e \u003e PGP sign emails regularly, which means anyone can get a decent idea of\n\u003e \u003e if they have the right key by looking at bitcoin-development mailing\n\u003e \u003e list archives and checking the signatures. A truly dedicated attacker\n\u003e \u003e could probably sign something without my knowledge, but I've certainly\n\u003e \u003e raised the bar.\n\u003e \u003e\n\u003e \n\u003e Just out of curiosity, could PGP keyservers suffer from a similar 51%\n\u003e attack as the bitcoin network?\n\nWhat guarantees do you think a keyserver provides about the keys it\nreturns?\n\n-- \n'peter'[:-1]@petertodd.org\n0000000000000142ad32a203b1627bee8126fa4bcd940b0da3f32bf1b5b07a24\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 198 bytes\nDesc: Digital signature\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130514/cc1a2aca/attachment.sig\u003e", "sig": "44deb39a807db9ae63ed9e82e3cd5f2e79e114e97ea0ba8e078580c25990e3d4306ea2fa3eeafc32407f2c214f463acb530956166d3dad65f187f15e32fd2fc2" }